Exakat in Github Action

Github Actions is a way to automate your software development workflow on Github. You can run actions against your repositories at Github and resolve issues before new code is merged. Exakat integrates smoothly into the Github ecosystem with a dedicated action and its configuration. Let's install Exakat in Github Action!

Getting started

Exakat for Github is available on the Github Marketplace, in the Code Quality and Security sections.

The installation process is as simple as adding one new file to the repository.

  • Navigate to your repository, as a github user with writing rights.
  • Create a new file, with the button Add file

  • Name this file .github/workflows/test.yml. .github is a special folder for Github, and workflows is the folder dedicated to workflow definitions, which is where actions are run from.
  • Fill the test.yml file with the following YAML code. Indentation is significant in YAML: the name: and uses: lines at the end belong to one and the same step, so uses: is indented under the dash of that step rather than starting a second step of its own:

on: [push, pull_request]
name: Test
jobs:
  exakat:
    name: Scan with Exakat
    runs-on: ubuntu-latest
    steps:
      # clone the repository into the runner so the audit has code to read
      - uses: actions/checkout@v2
      # run the Exakat Docker image from Docker Hub against the checked-out code
      - name: Exakat
        uses: docker://exakat/exakat-ga

The action is now configured to run automatically on every push and pull request. If the repository is public, the runs are free; if it is private, the minutes they consume are counted against your Github plan.

The steps include an actions/checkout@v2 step, which clones the code into the action's environment so that exakat/exakat-ga can audit it.

  • Commit the configuration file to Github
  • In the repository toolbar, 'Actions' sits next to 'Pull requests'. There you'll find the action being run; every run of the action is listed there, and you can click on the current one to watch it run.

  • All results from Exakat are listed there once it has finished. Note that this page does not refresh automatically, so click on Test or Scan with Exakat to reload it.
  • When the audit is done, the results are displayed as a text table: each block is a file, and each line gives the line number, the description of the issue, and the rule's short name.

-----------------------------------------------------------------------------------
 line  /thinkphp/library/think/controller/Rest.php
-----------------------------------------------------------------------------------
   41 Static Methods Called From Object        Classes/StaticMethodsCalledFromObject   
   42 Should Make Ternary                      Structures/ShouldMakeTernary            
   42 Uses Default Values                      Functions/UsesDefaultArguments          
   42 Wrong Type For Native PHP Function       Php/WrongTypeForNativeFunction          
   50 Wrong Number Of Arguments                Functions/WrongNumberOfArguments        
   77 Drop Else After Return                   Structures/DropElseAfterReturn          
   95 Wrong Type For Native PHP Function       Php/WrongTypeForNativeFunction          
  132 Uses Default Values                      Functions/UsesDefaultArguments          
-----------------------------------------------------------------------------------

For example, in the file /thinkphp/library/think/controller/Rest.php, on line 42, Wrong Type For Native PHP Function has been detected. The documentation for this rule is available in the Exakat reference under the same name, Wrong Type For Native PHP Function.

Congratulations! You have now configured Exakat to run on your repository. Committing the workflow file is itself a push, so the first run starts immediately and gives you a first insight into the code.

Configuring Exakat

The Github Action can be configured to ignore specific rules and to ignore specific directories.

Excluding rules

By default, Exakat on Github Actions runs the CI-checks ruleset. This is a pre-defined set of 180 rules, only a small subset of Exakat's vast reference library (over 750 documented analyses). It is a good starting point for a first audit, but it may report too much for daily use until the existing issues are under control.

Let's say that 'Should Make Ternary' and 'Uses Default Values' are too noisy for this repository; we can come back to those problems later.

To omit those rules, we configure the Exakat Github Action with their short names, which appear in the third column of the results.

  • Go to the previously created .github/workflows/test.yml
  • Edit the test.yml file with the online editor
  • Add the following lines to the Exakat step, right after its uses: line. with: introduces the parameters of that step, so it is indented at the same level as uses:, and its keys one level deeper. Make sure the YAML stays valid:

        with:
          ignore_rules: 'Structures/ShouldMakeTernary,Functions/UsesDefaultArguments'
  • Commit the newly edited test.yml file
  • Go again in the Actions tab.
  • Once the results are in, there are now fewer issues per file.

The ignore_rules directive allows for fine-tuning the auditing system by choosing the exact rules that fit your workflow. Use it to ignore rules that are not valuable for you, focusing on the important ones.

Excluding folders

By default, Exakat audits the whole repository. Yet some folders may be worth excluding, such as cache or test folders. Here, the unit tests are in /thinkphp/tests; we'll use that folder to omit those files.

  • Go to the previously created .github/workflows/test.yml
  • Edit the test.yml file with the online editor
  • Add the following line inside the with: block, below ignore_rules:. It is another parameter of the same step, so give it the same indentation and keep the YAML valid:

          ignore_dirs: '/thinkphp/tests'
  • Commit the newly edited test.yml file
  • Go again in the Actions tab.
  • Once the results are in, there are now fewer files in the report.


The ignore_dirs directive allows for fine-tuning the set of audited files. Use it to skip folders that do not need auditing and keep the audit quick and efficient.
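To show the two fragments above in context, here is the complete .github/workflows/test.yml once both parameters are in place. This is an added example, not a file from the original page or from the Exakat project; the ignore_rules and ignore_dirs names and values are the ones used in this section. The permissions block is my own addition and is not mentioned on this page: it is a standard Github Actions setting that restricts the workflow's automatic GITHUB_TOKEN to read-only access to the repository, which is all a code audit needs.

```yaml
# .github/workflows/test.yml (assembled from the steps of this page; not Exakat's own file)
on: [push, pull_request]
name: Test

# Not on the original page: the audit only reads code, so the GITHUB_TOKEN
# handed to the job does not need write access to the repository.
permissions:
  contents: read

jobs:
  exakat:
    name: Scan with Exakat
    runs-on: ubuntu-latest
    steps:
      # clone the repository into the runner so there is code to audit
      - uses: actions/checkout@v2

      # run the Exakat Docker image against the checked-out code
      - name: Exakat
        uses: docker://exakat/exakat-ga
        with:
          # rule short names from the third column of the report, comma-separated
          ignore_rules: 'Structures/ShouldMakeTernary,Functions/UsesDefaultArguments'
          # folders (relative to the repository root) left out of the audit
          ignore_dirs: '/thinkphp/tests'
```

One caveat for anyone copying this: actions/checkout@v2 and docker://exakat/exakat-ga are mutable references, so every run fetches whatever those tags currently point to. If that matters for your threat model, Github Actions lets you pin the checkout action to a full commit SHA and a Docker image to its content digest (docker://image@sha256:<digest>); the actual digests are not on this page, so look them up from the registry rather than guessing.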

Good Audits

You are now all set to use Exakat on Github. It runs on every commit and PR, and you can now focus on the important rules to monitor your code. The complete documentation for Exakat is available online.